1 Cryptography Failures
Past, Present, And Future
Illustrations by Anita Medved.
Josip Medved medo64.com @medo64

2 Content
A bit about historically significant ciphers and how they were broken
How is encryption broken today?
What does the future bring?

3 Caesar
Simple substitution cipher
  plaintext: IBM; key: -1; ciphertext: HAL
  I → H, B → A, M → L
Many variants
Susceptible to frequency analysis (Al-Kindi, 9th century)
Q&A: Many variants – e.g. ROT-13

4 Caesar: History
First known usage by Julius Caesar (circa 100 BC)
  he also used a bit more complicated one – lost to history
Reasonably secure for the time
Used even in modern times
Q&A: Reasonably secure for the time – because nobody could read to start with :)

5 Caesar: Failure
2006: Bernardo Provenzano (mafia boss) used a variation of it
  A → 4, B → 5, C → 6, ...
  caught :)
2011: Rajib Karim (terrorist) used PGP personally
  his Bangladeshi partners refused to use a program made by “infidels”

6 Caesar: Lessons
Old “software” dies hard :)
Obfuscation is sometimes ok
  just don’t use it for anything important
Security is only as good as the weakest link
  friends don’t let friends use weak ciphers
Q&A: Many variants – e.g. ROT-13

7 Vigenère
Polyalphabetic substitution
  plaintext: ABCD; key: KEY; ciphertext: KFAN
  A → K, B → F, C → A, D → N
Q&A: Polyalphabetic substitution – essentially a bunch of Caesar ciphers interwoven together
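
The Caesar and Vigenère examples from slides 3 and 7, together with the frequency-analysis weakness noted on slide 3, as an added Python example that is not part of the original presentation. The function names, the letter-frequency table and the sample sentence are assumptions made for illustration.

```python
import string

A = string.ascii_uppercase
# Approximate English letter frequencies for A..Z, in percent.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]
# Constructed sample plaintext, long enough for letter statistics to show.
SAMPLE = ("FRIENDS DO NOT LET FRIENDS USE WEAK CIPHERS BECAUSE SECURITY "
          "IS ONLY AS GOOD AS THE WEAKEST LINK")

def key_to_shifts(key):
    """Turn a keyword such as 'KEY' into shifts (K=10, E=4, Y=24)."""
    return [A.index(c) for c in key.upper()]

def shift_cipher(text, shifts, decrypt=False):
    """Vigenere over A-Z; a one-element shift list is the Caesar cipher."""
    out, i = [], 0
    for ch in text.upper():
        if ch in A:
            s = shifts[i % len(shifts)]
            out.append(A[(A.index(ch) + (-s if decrypt else s)) % 26])
            i += 1                      # the key advances on letters only
        else:
            out.append(ch)
    return "".join(out)

def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    letters = [c for c in text if c in A]
    n = len(letters)
    if n == 0:
        return float("inf")
    return sum((letters.count(A[i]) - n * f / 100) ** 2 / (n * f / 100)
               for i, f in enumerate(ENGLISH))

def break_caesar(ciphertext):
    """Try all 26 shifts and keep the one that decrypts to English-like text."""
    return min(range(26),
               key=lambda s: chi_squared(shift_cipher(ciphertext, [s], True)))

if __name__ == "__main__":
    print(shift_cipher("IBM", [-1]))                      # slide 3 example
    print(shift_cipher("ABCD", key_to_shifts("KEY")))     # slide 7 example
    print(break_caesar(shift_cipher(SAMPLE, [7])))        # recovers the shift
```

Only 26 keys exist for Caesar, so the statistic merely automates picking the readable candidate; Vigenère hides single-letter statistics until the key length is known, after which each key position is a Caesar cipher again.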

8 Vigenère: History
First described by Giovan Battista Bellaso in 1553
Called “Le chiffre indéchiffrable”
Friedrich Kasiski solved it in 1863
Charles Babbage broke it as early as 1846
Q&A: First described by Giovan Battista Bellaso – misattributed to Blaise de Vigenère in 19th century

9 Vigenère: Failure
1892: Anarchists used variant called Gronsfeld/Beaufort
  essentially just used letter/number combination
Q&A: Not too many failures because it was actually quite strong for the day and not commonly used as it was difficult to implement correctly. If you get caught with it there is not much to deny it – pipe works for password recovery

10 Vigenère: Lessons
Just because it looks undecipherable, it isn’t necessarily safe

11 Enigma
Rotor stream cipher
Electro-mechanical in nature
Period of 16,900 letters (26*25*26)
  as messages were usually in hundreds of letters, this meant no repeat
Q&A: Electro-mechanical in nature – basically making electrical circuit through rotors
Period – Lorenz machine actually had period in billions

12 Enigma: History
Developed by Arthur Scherbius in 1920s
Commercially used with three rings

13 Enigma: Failure
Math behind Enigma was cracked by Marian Rejewski in 1932
  This didn’t actually break anything
Actual breaking happened later that year
  French spy Hans-Thilo Schmidt obtained daily keys
British cracked five-rotor machine in Bletchley Park in 1941
Q&A: Daily keys were for period of September and October 1932
Breaking – no physical machine was stolen

14 Enigma: Lessons
Output must be random
Correlations are killer
Bigger key space makes a difference
Attack on partial rounds can always be expanded
Q&A: random – output never resulted in the same letter
correlations – due to how machine worked, first and fifth rotor were correlated, second and fourth too

15 Lorenz
Rotor stream cipher
In-line attachment to standard teleprinters
First encryption method using (relative) primes
Nicknamed Tunny by British
Q&A: Twelve rotors
Enigma was called sawfish

16 Lorenz: History
Based on work by Gilbert Vernam at AT&T Bell Labs in 1917
  XOR baby!
First experimental link (SZ40) in June 1941
Used for army communications from mid-1942
  with variants SZ42A and later SZ42B

17 Lorenz: Failure
4000 character message sent in August 1941 from Athens to Vienna
  receiving operator asked for repeat
  sending operator repeated message with the same key but slight abbreviations
  both plain texts were extracted together with their key
Bill Tutte discovered 41-character repetition pattern
  most of team working with him later worked on Enigma

18 Lorenz: Lessons
Don’t encrypt different plaintext with the same key
  EVER
Don’t leak encryption state information
  Unencrypted header accompanied Lorenz traffic
Don’t get fancy
Q&A: 12-letter header – called indicator – replaced by 2-letter index
Leak – QEP books started to be used in October 1942
fancy – two extra wheels controlled stutter – i.e. mixing of two streams – made it actually easier to decrypt
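
The key-reuse lesson above, as an added Python example that is not part of the original presentation: two nearly identical messages encrypted with the same XOR keystream leak where they diverge, and one known plaintext yields the other along with the keystream. The two messages are constructed, and a random byte string stands in for the keystream (an assumption; this does not model the Lorenz wheels).

```python
import secrets

# Constructed messages: a retransmission with one word abbreviated.
P1 = b"MESSAGE NUMBER 41 FROM ATHENS TO VIENNA"
P2 = b"MESSAGE NR 41 FROM ATHENS TO VIENNA"

def xor(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(plaintext, keystream):
    """Vernam-style stream encryption; decryption is the same operation."""
    if len(keystream) < len(plaintext):
        raise ValueError("keystream shorter than message")
    return xor(plaintext, keystream)

def first_difference(c1, c2):
    """With a reused keystream, c1 XOR c2 equals p1 XOR p2, so the leading
    run of zero bytes shows how long the two plaintexts agree."""
    diff = xor(c1, c2)
    return next((i for i, b in enumerate(diff) if b), len(diff))

def recover_with_known_plaintext(c1, c2, known_p1):
    """One known (or correctly guessed) plaintext gives the keystream,
    and the keystream gives the other message."""
    keystream = xor(c1, known_p1)
    return xor(c2, keystream), keystream

def send_both(reuse_key):
    """Encrypt P1 and P2 with one shared keystream or a fresh one each."""
    k1 = secrets.token_bytes(len(P1))
    k2 = k1 if reuse_key else secrets.token_bytes(len(P1))
    return encrypt(P1, k1), encrypt(P2, k2)

if __name__ == "__main__":
    c1, c2 = send_both(reuse_key=True)
    print(first_difference(c1, c2))                      # where the texts diverge
    print(recover_with_known_plaintext(c1, c2, P1)[0])   # second message
    c1, c2 = send_both(reuse_key=False)
    print(recover_with_known_plaintext(c1, c2, P1)[0])   # unrelated bytes
```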

19 MD-5
Designed by Ronald Rivest in 1991
128-bit hash

20 MD-5: History
1993: pseudo-collision
1996: first full collision is found
2004: distributed birthday attack
2005: document content collision
2008: changing end-certificate to intermediate CA
2010: first single-block collision published
2013: second single-block collision – published with source and documentation
Q&A: distributed birthday attack – took 6 months

21 MD-5: Attacks
2012: Flame malware forged Windows update certificate

22 MD-5: Lessons
Allow algorithms to change over time
  quite a few applications had 16 bytes for hash hardcoded
Replace algorithms early
  Symantec phased MD-5 out starting in 2009
  Microsoft phased out MD-5 certificates in 2014
  still often used in anti-virus industry
Q&A: Microsoft – they still allow MD-5 for their certificates

23 SHA-1
Designed as part of US government Capstone project
  authored by NSA
  original implementation (now called SHA-0) was slightly corrected
Published in 1995
160-bit
Q&A: SHA-0 was indeed broken sooner than SHA-1

24 SHA-1: History
2005: reduced version attack (53 rounds)
2006: two-block collision
2010: single-block attack extended to 73
2015: first full collision (aka SHAppening)
2017: first public collision (aka SHAttered)
2017: SSL certificates not accepted by major browsers
Q&A: reduced version – 53 rounds (out of 80)

25 SHA-1: Lessons
Allow algorithms to change over time
  quite a few applications had 20 bytes for hash hardcoded
Replace algorithms early
  Major browsers abandoning only in 2017
Still often used
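
One way to avoid the hardcoded 16- or 20-byte digest fields named in the MD-5 and SHA-1 lessons, as an added Python example that is not part of the original presentation. The `algorithm$hexdigest` record format, the status table and the function names are assumptions of this sketch.

```python
import hashlib
import hmac

# Status table for this sketch; keys are hashlib algorithm names.
ALGORITHMS = {"md5": "legacy", "sha1": "legacy", "sha256": "current"}
CURRENT = "sha256"

def make_record(data, algorithm=CURRENT):
    """Store the algorithm name next to the digest so that neither the
    algorithm nor the digest length is fixed by the storage format."""
    if algorithm not in ALGORITHMS:
        raise ValueError("unknown algorithm: " + algorithm)
    return algorithm + "$" + hashlib.new(algorithm, data).hexdigest()

def check_record(data, record, accept_legacy=False):
    """Return (ok, replacement).

    Legacy records are rejected unless accept_legacy is set, which is meant
    for a migration window only. A legacy record that verifies comes back
    with a replacement record under the current algorithm.
    """
    algorithm, sep, stored = record.partition("$")
    if not sep or algorithm not in ALGORITHMS:
        raise ValueError("malformed or unknown record")
    if ALGORITHMS[algorithm] == "legacy" and not accept_legacy:
        return False, None
    computed = hashlib.new(algorithm, data).hexdigest()
    ok = hmac.compare_digest(computed.encode(), stored.encode())
    replacement = make_record(data) if ok and algorithm != CURRENT else None
    return ok, replacement

if __name__ == "__main__":
    blob = b"constructed sample payload"
    old = make_record(blob, "md5")                   # 32 hex characters
    print(check_record(blob, old))                   # rejected by default
    ok, new = check_record(blob, old, accept_legacy=True)
    print(ok, new)                                   # verified and re-hashed
    print(check_record(blob, new))                   # current record, no upgrade
```

Retiring an algorithm then means changing one entry in the table and re-hashing records as they are next verified, instead of widening a fixed-size column.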

26 How do attacks look these days?

27 Keyloggers

28 Keyloggers
Software keyloggers are easier
FBI Magic Lantern (as of 2001)
  also captures web history, network ports, and passwords stored
CIPAV (Computer and Internet Protocol Address Verifier, as of 2007)
  captures location information and IP addresses computer connects to
Q&A: as of 2001 – FBI used “commercial” keyloggers before

29 Nicodemo Salvatore Scarfo
1999
Cosa nostra
14 years in prison
Used encryption!
Used dial-up!
  remote connection unlikely
FBI broke into his offices twice :)

30 Larry Ropp
2004
Spied on his employer
Dismissed
KEYKatcher
Did not violate federal wire-tap law

31 Josh Glazebrook
2007
Washington school bomb threats
90 days in custody
Handwritten notes
Anonymous
Anonymous MySpace profile
Anonymous VPN
FBI installed CIPAV on MySpace profile
Q&A: CIPAV was used to get IP address

32 Keyloggers: Advice
Check occasionally for rogue USB devices
Watch what you click
Think about reinstalling your computer from time to time
Cover camera?

33 Network Interception

34 Network Interception
Useful for pen-testing
You get it for free on public wireless
Western District of Pennsylvania
  available to attorneys, other legal staff and the media
  in terms: “we reserve the right to log or monitor traffic”

35 Gogo Inflight
2016
Man-in-the-middle attack
Issues fake SSL certificates
  “to better serve consumer”
  throttling, naughty site protection... and CALEA
Nothing to see here – part of privacy policy

36 Starbucks*
2017
Man-in-the-middle attack
* Starbucks were not actually involved – just their store
Public WiFi was hacked
Customer laptops were taken over by rogue JavaScript
  Monero mining

37 VPNfilter
2018
Russian botnet
  Fancy bear group :)
Seized by FBI
Targets devices using Modbus protocol
  industrial hardware control
500,000 devices infected
50ish router models
  Asus, D-Link, Huawei, Linksys, Mikrotik, Netgear, QNAP, TP-Link, Ubiquiti, Upvel, ZTE
Q&A: reboot your router

38 Network Interception: Advice
Always use VPN on public networks
Make sure your internal communication is encrypted too
Update firmware regularly

39 Backdoors
Accidental
  Debian’s OpenSSL issue in 2008
Intentional
  elliptic curve RNG
Hardware-based

40 Debian OpenSSL
Broken in 2006
Fixed in 2008
Bug limited number of keys to 32,768
Also present on Debian’s derivatives, e.g. Ubuntu
Probably some of these keys are present today too

41 Dual_EC_DRBG
Published in 2006
Withdrawn in 2014
Weakened encryption
  non-transparently chosen initial state
Default in BSAFE
  by RSA Security
Non-default in many more
Q&A: initial state – carefully chosen P and Q points
Even affected hardware – Juniper Networks ScreenOS

42 Simon and Speck
Created in 2013
Rejected by ISO in 2018
Lightweight block ciphers
  Optimized for IoT

43 Backdoors: Advice
Trust no one?
Update software regularly
Update firmware regularly
Physical security is important

44 Future
IoT encryption algorithms
  primary goal is to have it run on weak hardware
Quantum computers
  Making RSA obsolete
Politics

45 Thank You
Josip Medved medo64.com @medo64

